Database security - Database Security Reminder: Don't Let Down Your Guard - eWeek Security Watch
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Database Security Reminder: Don’t Let Down Your Guard

Written By
Brian Prince
Brian Prince
Dec 18, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Compromises can happen quickly – a fact the folks at Sentrigo were recently reminded of when attackers came knocking on their digital door.

On Dec. 1, the company deployed an instance of the Oracle database running on Amazon EC2. Six days later, it was pwned. Fortunately, no production data was in it – just testing data, as the instance was only put up there so the company could demonstrate security software.

“In this instance, we were demoing our vulnerability assessment capabilities to scan the database and find various issues and mis-configurations,” explained Sentrigo CTO Slavik Markovich. “We did have monitoring in place but we did not deploy any blocking rules. And so, we were alerted to the attack and at that point it became interesting to us to let the attackers continue and see in real-time how an real-world attack evolves.”

The attackers discovered the instance with some simple port scanning of servers on the Internet, he said. When they found an open port, they identified it and the Oracle instance running behind it. From there, they were able to get access to the database and escalate privileges.

“The initial connection was done to a demo account without any privileges by brute-forcing the password,” he said. “The elevation to higher level privileges exploited a known vulnerability in one of the Oracle components (OLAP). Then, using these higher privileges the hacker took control of the OS using dbms_scheduler.”

He admitted the Oracle instance wasn’t fully patched – they were using version 11.107 – but was still struck by the speed in which the compromise happened nonetheless.

Andy Feit, vice president of marketing at Sentrigo, said that anonymity does not offer true protection.

“Nobody knew whose server this was, it was just out there,” Feit said.

He added that the situation could have occurred with any cloud provider, or a company-owned server outside the firewall, and that Amazon has a “nice built-in firewall” and monitors outbound traffic from instances to prevent port scanning.

“On the other hand, in the future, I definitely see Amazon and similar providers providing much more like out-of-the-box IDS/IPS and other network controls,” the CTO said.

The moral of the story – don’t expose your database over the Internet without proper security, including firewalls and access controls, and make sure the database is fully patched.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information